A Security fuzzer is a tool used by security professionals (and
professional hackers 🙂 to test a parameter of an application. Typical
fuzzers test an application for buffer overflows, format string
vulnerabilities, and error handling. More advanced fuzzers incorporate
functionality to test for directory traversal attacks, command
execution vulnerabilities, SQL Injection and
Cross Site Scripting
vulnerabilities. Web Vulnerability scanners typically perform all of
this functionality, and can be considered an advanced fuzzer.
Popular free fuzzers include SPIKE Proxy,
Peach Fuzzer Framework, and WebScarab.
